Published on November 27, 2023, 10:55 am

Telekopye: A New Phishing Toolkit Allowing Low-Skilled Hackers To Execute Sophisticated Schemes

Cybersecurity researchers have recently discovered a new toolkit called Telekopye that allows even the lowest-skilled hackers to execute sophisticated phishing schemes. Implemented as a Telegram bot, this toolkit enables hackers to generate fake websites and landing pages, send SMS messages and emails, and create counterfeit screenshots.

The primary targets of Telekopye are popular online markets in Russia, such as OLX and YULA. However, the researchers also observed hackers targeting marketplaces from other countries like BlaBlaCar and eBay. Interestingly, they even targeted victims who had no connection to Russia whatsoever, such as Jófogás and Sbazar.

Telekopye provides criminals with three methods of scamming – targeting buyers twice and sellers once. When targeting buyers, the attackers create a fraudulent purchase site and direct victims there to make an online payment. The site then collects sensitive information including online banking logins, credit card details (and sometimes even account balances), among others.

In addition to scamming buyers, hackers can also deceive individuals seeking refunds by sending them links to phishing sites. Victims believe they are applying for a refund when, in reality, their personal data is being stolen.

When it comes to scamming sellers, the attackers contact the company claiming they have already paid for an item and now seek a refund. To convince victims, they provide a link that supposedly proves the purchase but is actually used to extract sensitive data.

ESET mentioned that Telekopye is still under development with ongoing improvements. The developers promote this toolkit on various platforms including underground forums while openly stating its purpose – scamming users of online marketplaces.

It’s worth noting that these developers are fully aware of potential law enforcement presence in their group; hence they caution users against discussing any information that could expose other members or risk detection by “rats” (law enforcement), imposing bans on those who violate this rule.

As cybersecurity threats continue to evolve and become more sophisticated, it is crucial for individuals and organizations to stay vigilant and adopt effective security measures. Protecting personal information, employing strong authentication methods, and keeping software systems up-to-date are important steps in safeguarding against such malicious activities.

For further insights and updates on cybersecurity, you can explore more articles from TechRadar Pro like “Microsoft claims CyberLink has been breached by North Korean hackers,” “Here’s a list of the best firewalls around today,” and “These are the best endpoint protection tools right now.”


Comments are closed.